The Salon Owners Podcast: Phorest FM Episode 62 (Preparing For GDPR)

Welcome to the Salon Owner’s Podcast, Phorest FM Episode 62. Co-hosted by Killian Vigna and Zoé Bélisle-Springer, Phorest FM is a weekly show that puts forth a mix of interviews with industry thought-leaders, salon/spa marketing tips, company insights and information on attending Phorest Academy webinars. Phorest FM is produced every Monday morning for your enjoyment with a cup of coffee on your day off.

Phorest FM Episode 62

The EU’s new General Data Protection Regulation will be coming in effect on May 25th, 2018. The earlier you start preparing for it, the less of a panic there’s going to be and you will have the opportunity to turn it into an advantage for your salon. But the first step in doing that has to be understanding what GDPR is and how it’s going to impact your business. Tune in on this week’s episode as Phorest Salon Software’s Head of Marketing, Connor Keppel, joins Killian and Zoe to shed some light on the EU’s latest legislation and its effect on salons and spas.

Audio

Transcript

Killian Vigna: This week’s episode focuses on the new European General Data Protection Regulation that will come into effect May 25th, 2018.

Zoe Belisle-Springer: And joining us on the show to help you understand and prepare for GDPR, is Phorest Salon Software’s Head of Marketing, Connor Keppel. As always, we top off the show with our upcoming Phorest Academy webinars.

Killian Vigna: So grab yourself a cup of coffee, sit back, relax and join us weekly for all your salon’s business and marketing needs. Good morning, Zoe.

Zoe Belisle-Springer: Good morning, Killian. How are you?

Killian Vigna: I’m good now. So, interesting one because we’ve heard so much about this. I feel like everyone here is living, eating, sleeping it for the last couple of months now at this stage.

Zoe Belisle-Springer: Definitely. At least people in Europe, yeah.

Killian Vigna: Yeah. Well, anyone that was at the Salon Owner’s Summit, they got to attend a workshop with Paddy, the Head of Product, with a lovely e-book and a nice website. And now, we have Connor Keppel, who is about to kick off some webinars. Welcome to the show, Connor.

Connor Keppel: Good to be here. Thanks, guys.

Killian Vigna: So again, not your first time on the show, but it’s a topic that you’re going to be presenting webinars. Now, is this to everyone, or is it to just clients, or how does it work out?

Connor Keppel: We do the webinars for anybody that wants to attend them. We’ve emailed out so, basically, if you sign up to anything on our website you’ll probably get emails about all the different webinars we do so it’s in that list. But we also actually have a specific resource that you can keep referring back to. It’s a website called <salongdpr.com>. So there we have, well, it’s kind of like a four minute intro to GDPR. How it affects specifically salons. On that as well, you can actually download an e-book and the e-book is like a denser kind of, I guess, 15/20 page booklet on all the kind of nitty… I won’t say all the nitty gritty details, but a deeper dive into what GDPR’s all about.

Killian Vigna: Yeah, because we’re just going to touch off the subject today to say for anyone that, I suppose, hasn’t got to attend any of the workshops or stuff like that, it’s just kind of touching off what exactly is it. That website that you were just saying there is pretty cool because it’s kind of interactive as well, and as you go down you can check out, like, kind of the cost for your salon and stuff like that as well.

Connor Keppel: Exactly, yeah. We’ll probably be discussing more about it in a few minutes, but you can… Yeah, there’s different little interactive tools. One is you can, it’s like a sliding bar. So, depending on what revenue’s in your salon, it’ll kind of calculate what fine you would get really if you were in breach of GDPR.

Killian Vigna: We’ll talk about the fine a bit later on.

Connor Keppel: Yeah, yeah, yeah.

Zoe Belisle-Springer: First off, I suppose, like, why are we doing so much around GDPR? What is it and how will it affect a salon owner’s business?

Connor Keppel: Sure. So, I guess, to start off, GDPR is the General Data Protection Regulation. So, this affects any business really that’s operating within the European Union. Really what GDPR is, is it’s a data, as the name suggests, it’s a data protection regulation. The reason the EU is doing this, I guess, is currently in Europe, let’s say Killian here is a consumer in Spain, let’s say Zoe’s in Finland and Connor is in Ireland. Those member states probably have their own data laws. Okay? So there’s no kind of consistent law across every single European State currently.

What the EU wants to do is that as people move around Europe, that they know that they’re protecting consumers because there’s a European-wide regulation that protects consumers’ personal data no matter what kind of business you’re interacting with. The reason that we’re talking about it a lot is, basically, any business that has any sort of personal information is going to be regulated by the EU and this GDPR regulation. So, really, in other words, if you’re collecting contact details, and salons will collect much more personal information, it could be medical-type information, then you need to comply by this GDPR regulation.

I guess, for the want of a better way of putting it is, the EU is going to be really heightening consumer awareness saying that, if you’re in Europe, you have these rights, and the business should not be doing this X, Y or Z with your data and that’s going to European-wide and salons are very data rich businesses. They have data on appointments, they have data on contact details, like I said, medical type information. So, obviously, GDPR is really going to apply to salons. It’s something that we, as an organization, want to help, I guess, you guys get ready for and just, yeah, be ready for when GDPR comes in.

Killian Vigna: So, you’re saying every European country has their own kind of version of it at the moment and this is just to, I suppose, make it more transparent? What about the US then and UK, so, anyone that deals with a European?

Connor Keppel: Yeah. Well, the UK is obviously still within the EU. So, when I’m saying kind of every member has kind of their own version of GDPR, I don’t mean their own version of GDPR. I mean kind of, like, they have some sort data-

Killian Vigna: Some sort of regulation.

Connor Keppel: Some sort of data protection laws in place. But this is going to be like in a European-wide standard. The US has, generally speaking, a lot tighter data laws than a lot of EU member states anyway. But the UK has an interesting one because salon owners often ask me and say, “Look. Brexit…”

Killian Vigna: Will they won’t they, right?

Connor Keppel: Yeah. Is Europe applicable to us? In reality, if businesses are going to continue to do trade with any other country in the EU… So, you can imagine if I’m a… I’m going to make this up. Like, a hotel booking service, a hotel booking website, and I have consumers that are booking rooms from Ireland and from Finland before they travel to the UK. You’re collecting data from other European member states, so you’re going to need… The UK, even if Brexit happens and they leave, the UK is going to need something that is at least, and I mean that at least, as stringent as GDPR in order to continue to do trade with other European countries. Otherwise, if Ireland wants to do some sort of business with the UK and they don’t have an equivalent to GDPR-

Killian Vigna: You can’t do it.

Connor Keppel: …then the business in Ireland is breeching it because they’re going to say that if I transfer any data across to the UK, for instance, and they don’t protect it the right way, I’m exposing that consumer data and that’s on me.

Now, it may not affect salons so much internationally but the reason it will affect salons in a way is that because the UK is going to have to have, like I said, something that is, it might not be called GDPR but it will have to be as watertight as GDPR at least if not more and that’s obviously going to affect salons. So, what I say to salons in the UK is, “Guys, if Brexit happens, you still need to prepare for GDPR, because whatever comes after that is going to be, like, probably realistically kind of a carbon copy of GDPR.”

Killian Vigna: Yeah, because this is like what you were saying. Here’s the bare minimum if you want to deal with us. So, either carbon copy it, or make it better.

Connor Keppel: Correct.

Killian Vigna: So, they can’t be below it.

Connor Keppel: Yeah.

Killian Vigna: And I think the UK have been kind of building on their own thing towards Brexit for the last year or two anyway, so it will be coming into place for anyone that is a salon in the UK.

Connor Keppel: Yeah. Definitely. And, like I said, the way I would do it is, I would just prepare for GDPR and then I think by preparing for GDPR you’re kind of preparing for whatever comes after it.

Zoe Belisle-Springer: Well, in terms of like us being a software company dealing with our clients, which are salon owners, who is responsible for what in GDPR? Because obviously we’re treating client information and things like that as well.

Connor Keppel: Yeah. So, there’s kind of two parties that are really responsible in GDPR. There’s what’s known as the controller and the processor. So, the processor is the tool. So if you look upon Phorest Salon Software, we’re storing data. We’re allowing people to collect data. We’re allowing salons to collect the email addresses and medical details or whatever, of their clients. So, it’s our responsibility, as a processor, to provide the salon owner with tools that can be used in a GDPR compliant way. Okay? So, that’s kind of the responsibility of the processor.

Then the salon owner is what’s known as the controller. So, the controller is the person really that’s actually using the data. For instance, you can collect something in a GDPR compliant way but obviously, that doesn’t mean that you don’t have the responsibility. It’s on you to make sure, for instance, that if people are not opted in for marketing, that you don’t send them marketing. So Phorest can help you opt them in properly, it could do all that, but that doesn’t mean that isn’t your responsibility as a salon owner to use that data in the correct way.

So, there’s two kind of parties involved and it’s kind of like a shared liabilities between the controller as a salon and the processor as Phorest. But I think where the majority of, I guess, the danger of a breach of regulation lies is with the controller. Because if, say, we use our own types of software here in Phorest, and for a collecting information we might collect it in the right way, but if it were a case that we sent out a marketing campaign to people we shouldn’t have or something along those lines that’s on us as the controller. So, the processor has to say, “Yes, I have provided the salon with the correct tools and with the right functionality, etc, to be able to operate in a GDPR compliant way,” but it is still on the salon owner to actually be GDPR compliant in terms of how they use that information.

Killian Vigna: It’s their responsibility, but we’re just helping them kind of control and store that information.

Connor Keppel: Correct. It would be like some softwares, for instance, and we won’t go too far on this road, different of regulation might be around credit card details, encrypting people’s credit card detail, all of that kind of thing. So we have to, when it comes to data and GDPR, we are providing a way to collect people’s information the correct way, to store people’s information in the correct way, and we can guide the salon owner to say, “Look, guys.” We can guide our clients to go, “Here’s what you should and shouldn’t do with the information,” but it is still on the responsibility of the salon owner to ensure they are using that information in a correct way.

Zoe Belisle-Springer: So, you’ve mentioned encrypting credit card details and such for the processor, so for us the software. What kind of data is going to be affected on the salon’s side?

Connor Keppel: So, the data that applies to GDPR is not so much financial data, it’s more personal details. So, things like names, PPS numbers, addresses, mobile phone numbers, medical conditions. All of that type of information. If you’re collecting any type of information related to an individual, it almost applies to GDPR, and it’s really about that type of data. Basically, there’s a couple of, I guess, things that are really, really stringent when it comes to GDPR, okay? The first is, have you got consent to collect that information? Did you collect that information from the client who comes into your salon? Do they know what they’re handing over in terms of information and do they know why they’re handing it over? And have they explicitly opted in to say, “Yes, I want to receive these types of marketing messages. Yes, I know you’re going to use my information for improving your treatments. Yes, I know whatever.”

So, the difference was, in the old days, we kind of collected information and there’d be kind of a vague box at the bottom that you just kind of a very generic statement and even sometimes it might be pre-ticked and you had to un-tick. With GDPR, you have to say, “Here is the information I’m collecting. I am collecting it for these reasons,” and you have to get the person not to opt out, or to, I think, you have to get them to opt in to say, “I understand and I understand you will be using the information for these different reasons and I am okay with that,” basically.

It’s like… You’ve seen it on some marketing forms before probably where it’s like, “Are you okay to receive offers?”

Killian Vigna: That’s what I’m thinking, yeah.

Connor Keppel: It’s like a much more stringent version of that. Those kind of vague tick this box. We’ll send you absolutely everything under the sun kind of days are unfortunately coming to a bit of an end with GDPR.

Killian Vigna: Yeah. It’s like with the newsletter, sign up for newsletter but it’s not until you go to unsubscribe from the newsletter that you’ve actually unsubscribed for six different versions of that newsletter.

Connor Keppel: Yeah.

Killian Vigna: Now, you have to clearly state every bit of information essentially.

Connor Keppel: Yeah. Now there is, and there’s gray areas as well, right? So, every law has its gray areas, as you know.

Killian Vigna: [inaudible 00:11:56].

Zoe Belisle-Springer: [inaudible 00:11:56].

Connor Keppel: Yeah, yeah. There is one thing that is described as legitimate interest is an area within GDPR as well, okay? So you, and I don’t like want to go too far down this road, because there’s a lot of debate about this as we speak. I’ve actually seen articles on it today so there’s kind of people trashing back and forth about it currently. But legitimate interest is you can still send things to people that they may not have explicitly opted in if you have a good enough reason to do that.

So, for instance, an example might be… could you argue that you’re sending people… If somebody comes to your salon every single week, okay, and they’re coming in to get their appointments, and you have a major problem with parking at the moment or there’s some major construction going on, or something like that. Of course, they may not have explicitly opted in to get that message, but you could still send it to them because it’s information that’s of legitimate interest and it’s for them and for their needs as well. The talk at the moment then is like, “Well, is there certain types of marketing that are legitimate interests?” So, I hear one debate on, for instance, say if Mary comes into Connor’s salon every single week and I send her a discount saying, “Next week, I have 20% off.” Is it in her legitimate interest that she should really come in next week because she’ll get it cheaper than she will normally, which is helping her save money? So that’s a legitimate interest. And then, other parties are like, “Wait a minute, that’s marketing.” This is where the gray area is-

Killian Vigna: [crosstalk 00:13:15] you know Connor is a marketer right now.

Connor Keppel: This is where the gray area is at the moment. So, I can’t say that that is a legitimate interest by any means but, yeah, those types of data.

Killian Vigna: The likes of the reminders. So, are they okay?

Connor Keppel: They are what’s… Yeah. Those are kind of things are what’s basically known as transactional texts.

Killian Vigna: Yes.

Connor Keppel: For instance, if you purchase something online and you get an email, for instance, saying, “Here’s your receipt and your invoice.” Like, that’s fine. Like, that’s a transactional… Like, that’s actually proof or evidence of your purchase. That’s for your records.

Killian Vigna: It’s a form of receipt.

Connor Keppel: Correct. Let’s get into a salon example for one second, right? So, when I’m collecting information, it’s all about what information are you collecting and do you have the right consent? So, questions that I can legitimately turn around in terms of data protection and say that I was right to ask are, for instance, “Have you any allergies?” Right? If you’re coming to get a facial and I ask you if you have any allergies, like, that’s an absolutely perfectly okay question to ask. Why? Because that’s actually for your own safety.

Killian Vigna: So many different chemicals in the ingredients that you need to know.

Connor Keppel: Yeah, exactly. So, you could sort of write down why you’re using that information. For example, “I’m using this because we need to know for obviously for to operate properly and to make sure that we’re providing the best treatment and that it’s medically safe.” Where you get into no-no’s really is asking something like, “What’s your salary range?”

Killian Vigna: Because that has come up… Like your job title or something. [crosstalk 00:14:34].

Connor Keppel: Yeah, you can ask things like that. So, I’m coming in for a facial. Why do you need to know how much money I earn? Well, in reality, probably the reason why the salon might ask that is, “Ooh, well Connor earns good money so maybe if he has a lot of disposable income he’s going to buy more retail so I’ll target him with retail offers.” That’s not a legitimate collection of data. That’s using data for marketing purposes, but that’s not a proper piece of data that’s GDPR compliant.

So again, to come back to it, what information are you asking? It’s on you, as a salon owner, to say another part of it called data minimization. You should only be asking for data that you actually really need for legitimate purposes. So, asking a salary range, for instance, is not a legitimate purpose. It’s personal information that you don’t or shouldn’t be collecting, for instance.

Killian Vigna: So, on that note, can a client challenge you on certain information that you asked for? Or, if you’ve already given information that is now, I suppose, with GDPR coming in… So like that, if they gave their salary or their job title before GDPR and now since GDPR they can ask for that to be removed? Things like that.

Connor Keppel: So, there’s a couple of parts to that question. The first one we’re working out, at the moment, about retrospective opt ins, okay, and we’re still getting clarification from our legal advisor on that. So, I don’t want to say for definite or not for definite in terms of do you need to re-opt in every single person on your database that has opted in in the past in a GDPR complaint way going forward? I don’t know that yet for definite. We’re still figuring that out.

And then, the second part to your question was-

Killian Vigna: Can a client ask for their data to be removed completely?

Connor Keppel: Yes, they can indeed. There’s a couple of things that they can ask, right? With GDPR, again, if you come back to consent, it’s the most important thing for a salon. How did you collect it? Why did you collect it? Where are you storing it? Who has access to it? How long are you going to store it for? What are you using it for? They are all the questions that you have to be able to answer, and you need a full audit trail on all this stuff with GDPR. Okay?

So, you can imagine, if you were on pen and paper, you need to keep any sort of information in a safe and you’re going to have to have an actual, like, a ledger that people sign in saying it was Killian. I accessed at this time. I used it for this purpose. Physically writing it down and then taking it back out again. If you’re on pen and paper, it’s just, it’s going to be an absolute nightmare.

Connor Keppel: Yeah, yeah. I mean you could store it in a safe in a time safe, for instance. I mean, I’ve heard people saying, like, “Well, you need a camera on the time safe in order to prove that it actually really was Killian that had the access at that time.” Like, it’s into crazy levels of stuff.

But just in terms of, you rightly asked about can the client… “What are the rights of the client in this?” So, in reality, people are saying, “Who’s going to come knocking on my door and forcing GDPR?” I personally think what’s going to happen is that the EU is going to give a lot of money to each member state to run national advertising campaigns around GDPR, and they are going to say, “Here is your right as a consumer. Here’s what the EU is doing to protect your data as a consumer. Know your GDPR rights.” I think there will be some sort of campaign around that.

Then, I think, in terms of what the client can do is, well, they can raise a complaint. It will depend on the member state who they raise their complaint with. Might be a data protection agency, or it might be an ombudsman, we need to figure that out. But what they will do is they have to write to ask for their data to be forgotten. So, they can walk into you and they can say, “I need you to delete every single piece of information you have for me anywhere-“

Killian Vigna: Indefinitely.

Connor Keppel: …in this salon. Indefinitely. Now. And you need to also send me, within a certain timeframe, you need to be able to, like, basically call me or send me information to prove that you have done that or to say that all your information has gone. The second thing is then, what the client can do, and this is kind of the more difficult part. There’s a thing known as a SAR, which is a subject access request. So, I can walk into a salon, as a consumer, and I can say, “I need to know what data you have on me. I need to know who has accessed that data. I need to know why they had access to it. I need to know how you’ve used it. I need to know where you’ve stored it. I need to know when you collected it. I need to know how long you’ll keep on collecting it for. I need to know what you want to use if for.”

So, this is like the kind of information. Like, you need to be able to do… And again, I know I work for software, and I won’t say it, but doing that with pen and paper is just going to be-

Killian Vigna: It’s going to be a nightmare.

Connor Keppel: …it’s going to be a nightmare. But, yeah. So that’s kind of the rights of the consumer really under it and what they can do in terms of requests and demanding that their rights be protected. Again, I’m going to say, guys, it’s for me GDPR when it comes to salons is really about consent. Did you get the correct opt in at the start? Did you tell them and have you got an audit trail? So, in our software, for instance, when people access information, each person in the salon should have a PIN number that’s assigned to them. So in other words, to access Phorest you have to type in a PIN so that’ll have a log of who’s accessed the software.

Killian Vigna: The audit trail.

Connor Keppel: The audit trail of who’s accessed it. You’ll also have campaign stuff in terms of what’s, you know… Yeah, it’s messy. It’s very, very messy. But, again, I’m going to say to it, it just comes down to how you’re collecting that information at the start. So, are you collecting it through, like, a GDPR compliant, we’ll say, a digital consultation form in Phorest or equivalent on whatever other software, pen and paper? How you’re collecting that information? Have you opted them in correctly and do you have a way of keeping an audit trail? And that’s going to be all really, really important, and automating that because otherwise it’s just going to be a nightmare. So, how big a nightmare that will be is going to come down to how is the EU going to push and fund each member state within Europe to heighten the consumer awareness to advertising and so on. Are they really going to do that, or will be not as big as we think? And that’s like the elephant, or that’s the million dollar question, I guess.

Killian Vigna: Well, the fact that software is so big at the moment and data is everywhere. If you look it’s not going to be that long before it is going to be clamped down like that.

Connor Keppel: Yeah, yeah, yeah. Absolutely. I mean it’s not a huge surprise that Europe’s going down this route. I mean, it’s not all bad news, by the way, for a salon, I think. I do think there’s silver linings to this.

Killian Vigna: It streamlines a lot of your admin work.

Connor Keppel: Well, it streamlines it. Yeah, it does. But it does also add certain expose types of admin depending on how you do it. Again, if you’re using software or not, etc. But there is opportunities, I think. I think there’s kind of like what’s known as a first move or advantage with this. The salons that come out early saying, “We’re going to start collecting information in the right way as soon as possible, and start doing this in the right way early on.” I think that sends a great message to our clients. So, obviously, we really care about making you look good and feel great and providing you with the best customer service and the best treatments and the best styles, but we also really care about protecting your data. We don’t use it with third parties. We don’t use, you know, X, Y, Z.

I think the salons that step out first and say, “We really care about your data,” are going to have kind of a first mover advantage among consumers and clients who really care about their data. There are people who may never care, okay? There are people that will sign up for everything and they just, you know, they don’t really think about it. But there are definitely, particularly among the millennial type generation and kind of like into 20s and early 30s and stuff, people are beginning to get a lot more conscious about how people are using their data. Particularly when you get emails, which we all do. You get emails from people you know you never ever signed any form with, let alone didn’t opt in, but you never even interacted with. So, that’s an example of how, for instance, a third party body obviously has been given a database with your information on it. So, it’s just, consumers are getting more and more aware about this thing.

Some people think GDPR’s going to be a pain in the arse in terms of admin and it is, but there are ways to streamline it like you said. There are ways to make it easy by using the right software, by doing the right consent, by making your team aware. I think the people who step out first and just kind of actually think about this and go, “You know what? I’m going to flip this and turn it into an opportunity to show people that we run our business really efficiently and that we really care about our clients’ data.” I think they’re the ones that are actually going to get a bump off GDPR in a good way.

Killian Vigna: Like, as scary as it sounds, and even though it might sound like it’s a lot of work, if you act now on it, it’s going to be easier for you because you’re going to be ahead of before they finally clamp down and you’re going to be ahead of a lot of other salon owners. This is now going to become a process, a habit, that you’re just used to before it becomes too big.

Connor Keppel: Yeah. Absolutely and the other thing as well, by the way, there another advantage is good marketing will actually be more impactful going forward, I think. People sign up for anything at the moment and they’re just getting spammed by everybody. So, theoretically, GDPR should reduce the amount of spam that everybody is getting. Theoretically. So, good marketing that people want to opt in for. Salons that provide real value by using, like, great emails, great SMS marketing, great social media, that they actually provide value that people want to opt in to.

Then, theoretically, that consumer or that client’s inbox will be less cluttered with spam, which means that your marketing will have greater visibility, you’ll be able to cut through the noise better and that’s another silver lining as well. I would just get on to GDPR early. I’d visit salongdpr.com. There’s a full e-book there. It gives you way more detail than I’m kind of talking about today. I’m only kind of touching really hitting the tip of the iceberg. If you want to talk to an advisor or anything about using software for GDPR it’s on there as well. But hit that website and just get as much information as you can as early as possible about it, and just try to move on it. Yeah, it’s going to be an interesting time. It’s definitely going to be an interesting time.

Killian Vigna: What are the, to you, the next steps for salon owners to take now? Other than joining on your webinar, which you can give a bit of detail around it as well.

Connor Keppel: Yeah.

Killian Vigna: But how can a salon owner now be proactive as opposed to being reactive?

Connor Keppel: Well, if I’m being honest, I think the first step to becoming proactive is to actually understand what is GDPR and the consent and the information. I would, like I say, go and visit that website, download the e-book and so on, but I would start learning and start talking to some of your team. Is there anyone on your team that’s actually interested in learning about GDPR, for instance? Is this a project that you can give to someone? Whether it be a receptionist, or if you don’t have a receptionist, is there somebody in there that’s always kind of crying out for a bigger project?

Killian Vigna: More responsibility.

Connor Keppel: More responsibility. Exactly in terms of the business. My first step would be to, I think, as a business owner you also need to find out for yourself as well, because it’s ultimately you that it’s going to impact. So, the first thing I would do is I would just try to absorb as much information as you can about this. Search online. Like I said, visit salongdpr.com but there’s other resources out there. Chances are your actual member state, if you’re in the UK or if you’re in Ireland and so on, there are country specific websites on GDPR and some of the regulation and some of this like this is the actual GDPR… I guess, what would you call it? The official document from the EU and stuff is just-

Killian Vigna: It can get crazy.

Connor Keppel: …so dense. Yeah, it’s probably… I can’t remember. It’s 150/200 pages or something huge. But there’s a lot of information out there right now. The second thing is there’s no harm, if you want to be talking to a GDPR advisor. An actual, you know, legal advisor, we can help salon owners understand what they need to do from a software point of view and what they need to do from a marketing, collecting info. But if you want to maybe go talk to an actual GDPR consultant that can talk to you and your business and start finding out information that way.

So, I personally think the first step is, honestly, is just to understand what GDPR is. What implications it’s going to have on you as a salon owner from a data point of view, which is all going to be around how you’re collecting, storing information. Who has access to it and being able to provide that audit trail. The earlier in you get in on it, the less of a panic there’s going to be, the less scary it will feel. This isn’t really particularly scary. It’s quite bureaucratic but, like I said, if you can get out early, use it in the right way, you can actually turn this into an advantage for your salon. But the first step in doing that has to be understanding how this is going to impact my business and what GDPR is.

Killian Vigna: Yeah, and I like that you’re saying get a champion in your salon. Like, while you need to know as much as you can, it’s good to share the load with someone else.

Connor Keppel: Yeah, absolutely. Yeah, yeah. So, just one other thing to mention as well actually, if you don’t mind. People are asking like, “What is the implication if you don’t adhere to GDPR?”

Killian Vigna: It’s the scary bit.

Connor Keppel: Well, it’s yeah. It is, I guess. The short answer is you can be fined up to 4% of your revenue. That’s a lot. So, if you salon is in three or four hundred thousand pounds, for instance, you can go in, calculate that. It’s a lot of money. The other thing I think that people are not thinking about, everybody’s obsessed with this 4% fine. I actually personally think the bigger impact is almost the reputational damage. So, if you don’t adhere to it, I’m not sure what each member state will do. Will they advertise it in the paper, or will there be like a big fanfare around businesses? Will they try and make an example of businesses that are not adhering to GDPR and then people are like, “Oh God, my data’s not safe in that business.” I think that would be actually far more longer detrimental than the fine itself.

Killian Vigna: That kind of reminds me of, you know, when you’re reading the local paper and there’s fast food restaurants and stuff like that, that have been issued with health warnings.

Connor Keppel: Correct.

Killian Vigna: Instantly it’s become this… They might not be shut down. They’ve just got the warning and that’s a black mark in your head.

Connor Keppel: Yeah.

Killian Vigna: Straight away.

Connor Keppel: Yeah. Absolutely. I mean some businesses do bounce back from it, don’t get me wrong. I think health and safety is probably even on another level again. Like, so in other words, if I’m eating in somewhere that just isn’t clean enough to be eaten in by consumers, I think that’s even on a different level than data. But it’s not far off it, you’re right.

Killian Vigna: It’s not far off it. It’s a lot of personal information.

Connor Keppel: Yeah, it is a lot of personal information. The other thing is, I guess, when you actually say that, “Personal information,” the thing is the information people give in salons is a lot deeper than in a lot of businesses and a lot more personal. So, you’re going to have things like, you’re going to talk about allergies, you’re going to be talking about what medications you might be taking. You go into a restaurant, you’re probably going to give your email for a receipt or you’re going to give whatever. You know, you’re going to give certain details, you’re not going to give that, like. So the information that could be leaked, or that can be misused, or whatever, is yeah. It’s very personal information.

There has been cases of… I’ve heard of cases so, like, in salons where somebody, a client, sued the salon because they heard personal information back about themselves through a friend because apparently there was a few people out from the salon in a nightclub. The friend overheard the people in salon talk about the client’s information, then it got back to that client that, “Listen. I was out last night and a bunch of people I heard them talking about your personal information.”

So, there has been things that have happened. Like I said, the EU whether we like it or we don’t like it as business owners, the reality is the EU is going to be heightening consumer awareness around this. The way that it’s heightened, you know, different things about pay equality about just all sorts of different consumer rights and data, now is going to be the latest one with GDPR. So, it’s time to be on it, and it’s time just to start really getting ready for May. Now is the time. It’s never too late. There’s no need to panic. It’s just about a case about picking up that e-book or hitting whatever website there is and just learning information about it, and starting to get prepared for May.

It might be worth, like I say, getting a consultant for yourself and dealing with a GDPR expert and yeah. That’s basically it. In terms of what we’re doing with the product as well, we are launching soon the digital consultations forms. We’ve already started with them actually, and they will allow you to opt in all your information correctly. It will allow you to… We’ll have GDPR compliant templates in there, so that they’re opting people in in the correct way. They know what they’re opting in for. You have that audit trail. Just, regardless, of course, I’d love everyone to be using Phorest, but just definitely get on some sort of GDPR compliant software and learn more about GDPR. Just don’t wait for it. It’s coming down the line and the reality is, it’s not even a case of just being ready, it’s a case of turning it into an opportunity and now’s the time.

Killian Vigna: So, Connor, thanks a million for joining us in for that today. Hopefully that sheds even more light on that. If anyone wants to hear Connor talk anymore on the issue there will be a webinar on February the 28th, which is a Wednesday. That event will be created on Facebook, so you will be able to attend it through that. It’s open to clients and non-clients. But then also there is <salongdpr.com> as well, if you want to dig even deeper again.

Connor Keppel: Yeah. Exactly. So everything I talked about today, guys, is just it’s really just hitting on the tip of the iceberg. The e-book is… I’d say it’d take maybe a max an hour to read the e-book and the website is like a four minute introduction as well. So, we kind of have it condensed. That really gives you from start to finish what you need to know as a salon owner for GDPR. It’ll basically introduce you to it and get you prepared.

Killian Vigna: Great.

Connor Keppel: All right. Thanks for having me, guys. Thank you.

Zoe Belisle-Springer: Thanks so much, Connor.

Killian Vigna: And now for our second half of the show, I’ve already announced one, but that’s not coming up for a while, so we webinars.

Zoe Belisle-Springer: Webinar. Actually webinars and trade shows this week. So, coming up real soon we have the ProBeauty London Trade Show. So if you’re in that area, you can tag along and come see us on stand P35. So, that’s on February 25th and 26th, and Connor actually will be giving a talk there on GDPR as well from 4:00 till 4:50. If you want to register for that event, that trade show, you can go on to our Facebook page and in the ticket link for that event, there’s a registration link for a free entrance badge.

And now, back to the Phorest Academy Webinars. On March 6th, we’ll have Valerie Delforge for another webinar on salon management. So, this time, she talks about how to manage difficult staff, which will be a very interesting one. Definitely one not to miss anyways. So, she’ll talk about creating a plan to deal with difficult staff members, building a process to ensure there are no critical staff issues, and she’ll also talk about staff meetings. You know, giving you the 101 kind of about staff meetings. So, again, if you want to sign up for that webinar, you can find your registration link through the events section on our Facebook page.

So, that’s it for us today, guys. If you want to talk with an advisor about a GDPR compliant salon software solution, visit <salongdpr.com> and book an appointment from there. And if you have any other feedback on the show please feel free to leave us a review on iTunes or on Stitcher. We’re always looking for suggestions on how to improve Phorest FM. Otherwise, have a wonderful week and we’ll catch you next Monday.